Allowing users to update their own AD user information displayed in GAL?

  • Thread starter: Barkley Bees

Barkley Bees

What is the most recommended tool/solution for allowing users to effectively
update their own Active Directory user information (all informational
fields) that is displayed in the GAL? Thank you.

*note: All 2003 environment (AD, Exchange and Outlook).
 
Hello barkley,

I would not let the users play around, you have more work after that.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
Hum. On the one hand, they can keep their own information updated with the
most recent information. On the other hand, they can cheat data or their
record :D.
Assuming that internal policy states that users must update their own
information, you'll know who cheated :P.
Of course you always have auditing to check who did it; tracking that
information can be a "PITA".


--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
 
Standardization is a nightmare.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
 
We're saying the same thing, I just said it crappy. I should have said that
achieving standardization is a nightmare when everyone enters his or her own
data.

The best way to populate data in AD is through synchronization from human
resources and other systems where the data is properly controlled and
maintained.
 
even the HR people can make a mess of it

It depends on what is important for you for users not to screw it up or what
you do not care about. A way to mitigate a risk is to create some kind of
self service web page that does not checks and also provides informational
examples of possible entries

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
 
Yeah, but if the HR people do make a mess of it it's their problem.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
 
> even the HR people can make a mess of it

True, but there are fewer of them and it's not as difficult to get
them to conform.

> it depends on what is important for you for users not to screw it up or what
> you do not care about.

What you don't care about doesn't belong in a directory.

> A way to mitigate a risk is to create some kind of
> self service web page that does not checks and also provides informational
> examples of possible entries

If you don't care there's no risk, is there?

If, at some time in the future, you /do/ decide to care you'll have a
big cleanup job to undertake.
 
Ed Crowley said:
Yeah, but if the HR people do make a mess of it it's their problem.


I agree. What we do in one large corp I work at is HR submits an employee
initiation form to IT security (AD folks) and they create the user and
populate data based on SOP. If any changes are required, HR or the user
submits a service request, it's evaluated for viability and need, and
reacted on whether it gets updated or denied, once again based on SOP.

Standardization, consistency and central control all based on SOP.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations
 
Is true, but it also depends on what you care about being consistent, etc.
If you do not care about mobile phone numbers you can let the user do that
him/herself.

I agree that if it were a name change you would have to submit it to HR or someone
to validate (e.g. when someone gets married and because of that the name
changes and the person wants to use that name).


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
 
"Jorge de Almeida Pinto [MVP - DS]"
is true. but it also depends on what you care about being consistent,etc..
If you do not care about mobile phone numbers you can let the user do
that him/herself.

I agree if it would a name change you would have to submit to HR or
someone to validate (e.g. when someone gets married and because of that
the name changes and the person wants to use that name)

Even mobile #s. It's a strict shop. Due to the nature of the business, there
are some fed guidelines that must be followed. I'm not saying a mobile #
would fall under such scrutiny, but without saying much further, their
requirements are tight.
 
Maybe for that company...
I have seen companies that allow users to update all kinds of things.

Not every company is the same

It is all about requirements and company policies (or what is important or
not)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
 
Don't waste your time on expensive solutions. The best I have found so far
is this:

http://www.turbo-it.com

It is called SMOP and allows users to reset their own passwords. They have to
do a simple registration and answer some questions, and then they get to
unlock their own accounts and change their own passwords. One bonus this
thing has is that it also allows changing passwords from a web-based form.
 
I would use Corporate Directory by View2C.
It allows each user to update his own contact information back to Active Directory and also provides a quick, automatic phone book with "Google"-like search capability.
 